Urobil som toto – nižšie je výsledný log z ComboFixu (spustený so skriptom CFScript.txt):
ComboFix 08-12-30.02 - admin 2008-12-31 11:53:57.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.3326.2803 [GMT 1:00]
Running from: d:\auta\ComboFix.exe
Command switches used :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: Panda Antivirus 2008 *On-access scanning disabled* (Outdated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NTPROCDRV
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-31 )))))))))))))))))))))))))))))))
.
2008-12-30 23:42 . 2008-12-30 23:42 <DIR> d-------- c:\documents and settings\admin\Application Data\XnView
2008-12-30 21:41 . 2008-12-30 23:23 862,240 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-30 21:41 . 2008-12-30 23:23 12,224 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-30 21:24 . 2008-12-30 21:30 <DIR> d-------- C:\Combo-Fix
2008-12-30 11:59 . 2008-12-30 11:59 <DIR> d-------- c:\windows\system32\ageia
2008-12-30 11:59 . 2008-12-30 11:59 <DIR> d-------- c:\program files\AGEIA Technologies
2008-12-29 20:44 . 2008-12-29 20:47 <DIR> d-------- c:\documents and settings\admin\Application Data\Thinstall
2008-12-29 20:42 . 2008-12-29 20:45 351 --a------ c:\windows\WINCMD.INI
2008-12-29 16:34 . 2008-12-29 16:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ubisoft
2008-12-29 16:34 . 2008-12-29 16:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-12-29 11:42 . 2008-12-29 11:42 <DIR> d-------- c:\program files\Common Files\Panda Software
2008-12-29 11:42 . 2008-12-29 11:40 178,872 --a------ c:\windows\system32\drivers\PavProc.sys
2008-12-29 11:42 . 2008-12-29 11:40 38,968 --a------ c:\windows\system32\drivers\ShlDrv51.sys
2008-12-29 11:36 . 2008-12-29 11:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\sentinel
2008-12-29 11:35 . 2008-12-30 20:22 <DIR> d-------- c:\windows\system32\PAV
2008-12-29 11:35 . 2007-09-28 13:24 83,896 --a------ c:\windows\system32\drivers\pavdrv51.sys
2008-12-29 11:35 . 2007-03-15 18:38 54,832 --a------ c:\windows\system32\pavcpl.cpl
2008-12-29 11:35 . 2007-02-15 20:02 50,736 --a------ c:\windows\system32\avldr.dll
2008-12-29 11:35 . 2008-12-29 11:35 248 --a------ c:\windows\system32\PavCPL.dat
2008-12-29 00:35 . 2008-12-29 00:35 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-12-29 00:29 . 2008-12-29 00:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-12-29 00:28 . 2008-12-29 00:28 <DIR> d-------- c:\documents and settings\admin\Application Data\HateML
2008-12-28 23:43 . 2008-12-28 23:43 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-28 23:33 . 2008-12-12 18:01 3,067,904 -----c--- c:\windows\system32\dllcache\mshtml.dll
2008-12-28 23:33 . 2008-10-16 02:00 1,499,136 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2008-12-28 23:33 . 2008-10-16 02:00 666,112 -----c--- c:\windows\system32\dllcache\wininet.dll
2008-12-28 23:33 . 2008-10-16 02:00 619,520 -----c--- c:\windows\system32\dllcache\urlmon.dll
2008-12-28 23:32 . 2008-08-14 11:11 2,189,184 --a--c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-28 23:32 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-28 23:32 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-28 23:32 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-12-28 23:32 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-28 23:32 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-28 23:32 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-12-28 23:32 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-12-28 23:31 . 2008-05-01 15:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-12-28 23:30 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-12-28 23:30 . 2008-06-13 12:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-28 23:30 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-12-28 21:14 . 2008-12-28 21:14 <DIR> d-------- c:\program files\Eidos
2008-12-27 19:58 . 2008-12-27 21:37 49 --a------ c:\windows\transp.gif
2008-12-27 19:47 . 2008-12-27 19:47 666,624 --a------ c:\windows\is-04TCV.exe
2008-12-27 19:47 . 2008-12-27 19:47 10,884 --a------ c:\windows\is-04TCV.msg
2008-12-27 19:47 . 2008-12-27 19:47 325 --a------ c:\windows\is-04TCV.lst
2008-12-26 23:58 . 2008-12-26 23:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-26 23:58 . 2008-12-26 23:58 <DIR> d-------- c:\documents and settings\admin\Application Data\Malwarebytes
2008-12-26 23:58 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-26 23:58 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-26 21:54 . 2008-12-26 21:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-26 21:54 . 2008-12-26 21:54 <DIR> d-------- c:\documents and settings\admin\Application Data\SUPERAntiSpyware.com
2008-12-26 21:53 . 2008-12-26 21:53 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-26 09:18 . 2008-12-26 09:18 <DIR> d-------- c:\documents and settings\admin\Application Data\Vso
2008-12-26 00:25 . 2008-12-26 00:29 262,144 --a------ c:\windows\system32\wrap_oal.dll
2008-12-26 00:25 . 2008-12-26 00:29 86,016 --a------ c:\windows\system32\OpenAL32.dll
2008-12-26 00:24 . 2008-12-26 00:24 <DIR> d-------- c:\windows\system32\Futuremark
2008-12-26 00:24 . 2007-09-07 14:55 27,672 --a------ c:\windows\system32\drivers\Entech.sys
2008-12-26 00:24 . 2007-09-07 14:55 12,744 --a------ c:\windows\system32\drivers\Entech64.sys
2008-12-26 00:24 . 2007-09-07 14:55 6,173 --a------ c:\windows\system32\drivers\Entech.vxd
2008-12-26 00:24 . 2001-11-19 20:05 3,972 --a------ c:\windows\system32\drivers\PciBus.sys
2008-12-25 23:58 . 2008-12-25 23:58 92 --a------ c:\windows\ProductKeyExplorer.INI
2008-12-25 20:08 . 2008-12-25 20:08 <DIR> d-------- c:\documents and settings\datart\Dokumenty
2008-12-25 20:08 . 2008-12-25 20:08 <DIR> d-------- c:\documents and settings\datart
2008-12-23 00:01 . 2008-12-23 00:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-22 23:59 . 2008-12-22 23:59 <DIR> d-------- c:\program files\Bonjour
2008-12-22 23:53 . 2008-12-22 23:53 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-12-22 23:46 . 2008-12-22 23:46 <DIR> d--h----- c:\windows\PIF
2008-12-22 10:47 . 2008-12-22 10:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Vivendi Universal Games
2008-12-22 10:47 . 2008-12-22 10:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Barbie Fashion Show
2008-12-21 22:44 . 2008-04-14 14:42 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-21 22:44 . 2008-12-21 22:44 177 --a------ C:\desktop.ini
2008-12-21 21:54 . 2008-12-21 21:54 <DIR> d-------- c:\documents and settings\admin\Application Data\Skinux
2008-12-21 21:53 . 2008-12-21 21:53 <DIR> d-------- c:\program files\The Skins Factory
2008-12-21 21:51 . 2003-12-13 00:40 202,763 --a--c--- c:\windows\system32\dllcache\uxtheme.dll
2008-12-21 19:40 . 2008-12-20 04:05 211 --ahs---- C:\BOOT.BKK
2008-12-21 19:37 . 2008-12-21 19:37 <DIR> d-------- c:\program files\TGTSoft
2008-12-21 19:12 . 2006-04-10 14:03 38,400 --a------ c:\windows\system32\hpz3l054.dll
2008-12-21 19:11 . 2008-12-21 19:11 <DIR> d-------- c:\documents and settings\admin\Application Data\HP
2008-12-21 19:11 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-21 19:11 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-21 19:08 . 2008-12-21 19:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-12-21 19:05 . 2008-12-21 19:05 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2008-12-21 19:05 . 2008-12-21 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
2008-12-21 19:03 . 2008-12-21 19:03 <DIR> d-------- c:\windows\system32\URTTEMP
2008-12-21 19:03 . 2008-12-21 19:05 <DIR> d-------- c:\program files\Common Files\HP
2008-12-21 19:01 . 2008-12-21 19:01 <DIR> d-------- c:\program files\Hewlett-Packard
2008-12-21 19:01 . 2008-12-21 19:01 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-12-21 18:58 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-12-21 18:58 . 2006-03-03 21:03 282,680 --a------ c:\windows\system32\HPZidr12.dll
2008-12-21 18:58 . 2006-03-03 21:02 204,800 --a------ c:\windows\system32\HPZipr12.dll
2008-12-21 18:58 . 2006-03-03 21:02 94,208 --a------ c:\windows\system32\HPZipt12.dll
2008-12-21 18:58 . 2006-03-03 21:03 69,632 --a------ c:\windows\system32\HPZipm12.exe
2008-12-21 18:58 . 2006-03-03 21:03 65,536 --a------ c:\windows\system32\HPZinw12.exe
2008-12-21 18:58 . 2006-03-03 21:02 57,344 --a------ c:\windows\system32\HPZisn12.dll
2008-12-21 18:56 . 2008-12-21 18:56 <DIR> d-------- c:\program files\HP
2008-12-21 18:56 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-21 18:56 . 2008-04-14 00:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-12-21 18:54 . 2008-12-21 19:12 117,423 --a------ c:\windows\hpoins11.dat
2008-12-21 18:50 . 2008-12-21 18:50 <DIR> d-------- c:\program files\Common Files\snp2std
2008-12-21 18:50 . 2006-06-07 10:34 10,305,280 --a------ c:\windows\system32\drivers\snp2sxp.sys
2008-12-21 18:50 . 2006-05-15 15:52 675,840 --a------ c:\windows\vsnp2std.exe
2008-12-21 18:50 . 2005-01-26 15:45 349,472 --a------ c:\windows\WindowsXP-KB822603-x86.exe
2008-12-21 18:50 . 2006-05-22 10:37 262,144 --a------ c:\windows\tsnp2std.exe
2008-12-21 18:50 . 2006-04-07 10:33 147,456 --a------ c:\windows\rsnp2std.dll
2008-12-21 18:50 . 2004-08-09 17:43 94,208 --a------ c:\windows\amcap.exe
2008-12-21 18:50 . 2006-05-04 11:14 61,440 --a------ c:\windows\vsnp2std.dll
2008-12-21 18:50 . 2005-11-23 13:55 53,248 --a------ c:\windows\system32\csnp2std.dll
2008-12-21 18:50 . 2006-04-27 20:43 24,832 --a------ c:\windows\system32\drivers\sncamd.sys
2008-12-21 18:50 . 2006-06-01 11:26 20,480 --a------ c:\windows\FixCamera.exe
2008-12-21 18:50 . 2004-12-09 17:23 15,497 --a------ c:\windows\snp2std.ini
2008-12-21 18:50 . 2004-12-09 17:23 13,022 --a------ c:\windows\snp2std.src
2008-12-21 13:45 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
2008-12-21 13:45 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll
2008-12-21 13:45 . 2008-07-31 10:40 509,448 --a------ c:\windows\system32\XAudio2_2.dll
2008-12-21 13:45 . 2008-07-12 08:18 467,984 --a------ c:\windows\system32\d3dx10_39.dll
2008-12-21 13:45 . 2008-07-31 10:41 238,088 --a------ c:\windows\system32\xactengine3_2.dll
2008-12-21 13:45 . 2008-07-31 10:41 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll
2008-12-21 09:28 . 2008-12-28 23:45 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-21 09:26 . 2008-12-21 09:26 <DIR> d---s---- c:\documents and settings\admin\UserData
2008-12-21 09:16 . 2008-12-21 09:16 <DIR> d-------- C:\OpenSSL
2008-12-21 09:16 . 2008-12-21 09:16 155,648 --a------ c:\windows\system32\libssl32.dll
2008-12-21 05:48 . 2008-12-21 05:48 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2008-12-21 05:48 . 2008-12-21 05:48 1,060,864 --a------ c:\windows\system32\mfc71.dll
2008-12-21 05:48 . 2008-12-21 05:48 348,160 --a------ c:\windows\system32\Msvcr71.dll
2008-12-21 05:24 . 2008-12-30 12:02 98,304 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-21 05:22 . 2008-12-21 05:22 <DIR> d-------- c:\windows\system32\xlive
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 10:56 16,608 ----a-w c:\windows\gdrv.sys
2008-12-30 10:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-29 15:23 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-20 03:30 --------- d-----w c:\program files\Intel
2008-12-20 03:29 --------- d-----w c:\program files\GIGABYTE
2008-12-20 03:29 --------- d-----w c:\program files\Browser Configuration Utility
2008-12-20 03:10 --------- d-----w c:\program files\microsoft frontpage
.
((((((((((((((((((((((((((((( snapshot@2008-12-30_19.54.49.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-31 10:57:03 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_78c.dat
- 2008-12-30 18:54:05 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7a4.dat
+ 2008-12-31 10:56:58 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD}"= "c:\windows\system32\dvmurl.dll" [2008-05-03 146528]
[HKEY_CLASSES_ROOT\clsid\{0063bf63-bfff-4b8f-9d26-4267df7f17dd}]
[HKEY_CLASSES_ROOT\dvmurl.DvmIEGoogleSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"="d:\program files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" [2007-10-04 455984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 d:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-15 20:02 50736 c:\windows\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Games\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Games\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\Games\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Games\\Midway Home Entertainment\\Stranglehold\\Binaries\\Retail-Stranglehold.exe"=
"d:\\Games\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 SASDIFSV;SASDIFSV;\??\d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\d:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-12-29 38968]
R2 GEST Service;GEST Service for program management.;"c:\program files\GIGABYTE\EnergySaver\GSvr.exe" [2008-12-20 80392]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;"c:\windows\HDThemeEnabler.exe" -service [2008-07-01 102400]
R2 MBAMService;MBAMService;"d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-12-26 170640]
R2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys [2008-12-29 178872]
R3 LVHybrid;LVHybrid service;c:\windows\system32\DRIVERS\LVHybrid.sys [2006-05-16 892032]
R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-12-26 15504]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]
S3 SASENUM;SASENUM;\??\d:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys []
*Newly Created Service* - NTPROCDRV
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: d:\program files\Panda Security\Panda Antivirus 2008\pavlsp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-31 11:57:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-839522115-287218729-2147104195-1003\Software\Microsoft\Internet Explorer\MenuExt\E*NULL*&*NULL*x*NULL*p*NULL*o*NULL*r*NULL*t*NULL*o*NULL*v*NULL*a*NULL*e *NULL*d*NULL*o*NULL* *NULL*p*NULL*r*NULL*o*NULL*g*NULL*r*NULL*a*NULL*m*NULL*u*NULL* *NULL*M*NULL*i*NULL*c*NULL*r*NULL*o*NULL*s*NULL*o*NULL*f*NULL*t*NULL* *NULL*E*NULL*x*NULL*c*NULL*e*NULL*l*NULL*]
@Security="Inherited"
@="res://d:\\PROGRA~1\\MICROS~1\\OFFICE11\\EXCEL.EXE/3000"
"Contexts"=dword:00000001
[HKEY_USERS\S-1-5-21-839522115-287218729-2147104195-1003\Software\Microsoft\Office\11.0\Common\Open Find\Microsoft Office Word\Settings\U*NULL*l*NULL*o*NULL*~i*NULL*e *NULL*a*NULL*k*NULL*o*NULL*]
@Security="Inherited"
"PositionInfo-Monitor1"=hex:57,01,00,00,3c,01,00,00,00,00,00,00,00,00,00,00
[HKEY_USERS\S-1-5-21-839522115-287218729-2147104195-1003\Software\Microsoft\Office\11.0\Common\Open Find\Microsoft Office Word\Settings\U*NULL*l*NULL*o*NULL*~i*NULL*e *NULL*a*NULL*k*NULL*o*NULL*\File Name MRU]
@Security="Inherited"
"Value"=multi:"instalacia\00\00"
"Maximum Entries"=dword:0000000a
[HKEY_USERS\S-1-5-21-839522115-287218729-2147104195-1003\Software\Microsoft\Office\11.0\Common\Open Find\Microsoft Office Word\Settings\U*NULL*l*NULL*o*NULL*~i*NULL*e *NULL*a*NULL*k*NULL*o*NULL*\View]
@Security="Inherited"
"Data"=hex:04,16,00,47,28,14,14,14,0d,01,02,01,00,18,41,00,0d,00,fa,08,00,00,\
90,90,0d,00,fa,08,00,00,90,90,0d,00,fa,08,00,00,90,90,0d,00,fa,08,00,00,90,\
90,0d,00,fa,08,00,00,90,90,0d,00,fa,08,00,00,90,90,0d,00,fa,20,00,00,90,90,\
0d,00,fa,08,00,00,90,90,0d,00,fa,08,00,00,90,90,0d,00,fa,04,00,0c,51,00,0d,\
00,18,04,00,0c,52,00,0d,00,10,40,00,08,42,00,0d,00,08,20,00,08,21,00,0d,00,\
fa,20,00,00,90,90,0d,00,fa,01,00,00,90,90,0d,00,fa,20,00,00,90,90,0d,00,fa,\
20,00,00,90,04,0d,00,fa,20,00,00,90,90,0d,00,fa,04,00,00,90,90,0d,00,fa,01,\
00,00,90,90,0d,00,fa,08,00,00,90,90
[HKEY_USERS\S-1-5-21-839522115-287218729-2147104195-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\P*NULL*r*NULL*í*NULL*s*NULL*l*NULL*u*NULL*ae*NULL*n*NULL*s*NULL*t*NULL*v*NULL*o*NULL*]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,10,09,00,00,01,00,00,00,0e,00,00,00,8e,00,\
00,00,00,00,00,00,80,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,6e,00,31,\
00,00,00,00,00,94,39,3d,19,11,00,43,4f,4d,4d,55,4e,7e,31,00,00,48,00,03,00,\
04,00,ef,be,94,39,ad,18,94,39,1d,22,14,00,32,00,43,00,6f,00,6d,00,6d,00,75,\
00,6e,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,73,00,00,00,40,73,68,65,\
6c,6c,33,32,2e,64,6c,6c,2c,2d,32,31,37,36,38,00,18,00,0e,00,00,00,0a,00,ef,\
be,01,00,00,00,18,00,00,00,00,00,00,00,00,00,8a,00,00,00,01,00,00,00,7c,00,\
00,00,41,75,67,4d,02,00,00,00,01,00,00,00,6a,00,31,00,00,00,00,00,94,39,76,\
19,11,00,53,59,53,54,45,4d,7e,31,00,00,44,00,03,00,04,00,ef,be,94,39,e5,18,\
94,39,1d,22,14,00,2e,00,53,00,79,00,73,00,74,00,65,00,6d,00,20,00,54,00,6f,\
00,6f,00,6c,00,73,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,31,\
37,38,38,00,18,00,0e,00,00,00,0a,00,ef,be,01,00,00,00,18,00,00,00,00,00,00,\
00,00,00,f4,00,00,00,02,00,00,00,e6,00,00,00,41,75,67,4d,02,00,00,00,02,00,\
00,00,6c,00,31,00,00,00,00,00,94,39,f1,1a,11,00,45,4e,54,45,52,54,7e,31,00,\
00,46,00,03,00,04,00,ef,be,94,39,ee,1a,94,39,59,23,14,00,30,00,45,00,6e,00,\
74,00,65,00,72,00,74,00,61,00,69,00,6e,00,6d,00,65,00,6e,00,74,00,00,00,40,\
73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,31,37,37,32,00,18,00,0e,00,00,00,\
0a,00,ef,be,00,00,00,00,18,00,00,00,66,00,31,00,00,00,00,00,94,39,e5,18,11,\
00,45,4e,54,45,52,54,7e,31,00,00,32,00,03,00,04,00,ef,be,94,39,e5,18,94,39,\
1d,22,14,00,00,00,45,00,6e,00,74,00,65,00,72,00,74,00,61,00,69,00,6e,00,6d,\
00,65,00,6e,00,74,00,00,00,18,00,0e,00,00,00,00,00,ef,be,01,00,00,00,18,00,\
0e,00,00,00,0a,00,ef,be,01,00,00,00,18,00,00,00,00,00,00,00,00,00,f4,00,00,\
00,03,00,00,00,e6,00,00,00,41,75,67,4d,02,00,00,00,02,00,00,00,6c,00,31,00,\
00,00,00,00,94,39,3d,19,11,00,41,43,43,45,53,53,7e,31,00,00,46,00,03,00,04,\
00,ef,be,94,39,ee,1a,94,39,59,23,14,00,30,00,41,00,63,00,63,00,65,00,73,00,\
73,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,00,00,40,73,68,65,6c,6c,33,\
32,2e,64,6c,6c,2c,2d,32,31,37,36,30,00,18,00,0e,00,00,00,0a,00,ef,be,00,00,\
00,00,18,00,00,00,66,00,31,00,00,00,00,00,94,39,e5,18,11,00,41,43,43,45,53,\
53,7e,31,00,00,32,00,03,00,04,00,ef,be,94,39,e5,18,94,39,1d,22,14,00,00,00,\
41,00,63,00,63,00,65,00,73,00,73,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,\
00,00,00,18,00,0e,00,00,00,00,00,ef,be,01,00,00,00,18,00,0e,00,00,00,0a,00,\
ef,be,01,00,00,00,18,00,00,00,00,00,00,00,00,00,96,00,00,00,04,00,00,00,88,\
00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,76,00,32,00,06,03,00,00,94,39,\
f1,1a,20,00,41,44,44,52,45,53,7e,31,2e,4c,4e,4b,00,00,4c,00,03,00,04,00,ef,\
be,94,39,f1,1a,94,39,f1,1a,14,00,36,00,41,00,64,00,64,00,72,00,65,00,73,00,\
73,00,20,00,42,00,6f,00,6f,00,6b,00,2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,\
65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,32,30,31,37,00,1c,00,0e,00,00,00,0a,00,\
ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,92,00,00,00,05,00,00,00,84,\
00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,00,da,05,00,00,94,39,\
e5,18,20,00,43,41,4c,43,55,4c,7e,31,2e,4c,4e,4b,00,00,48,00,03,00,04,00,ef,\
be,94,39,e5,18,94,39,e5,18,14,00,32,00,43,00,61,00,6c,00,63,00,75,00,6c,00,\
61,00,74,00,6f,00,72,00,2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,\
32,2e,64,6c,6c,2c,2d,32,32,30,31,39,00,1c,00,0e,00,00,00,0a,00,ef,be,01,00,\
00,00,1c,00,00,00,00,00,00,00,00,00,8a,00,00,00,06,00,00,00,7c,00,00,00,41,\
75,67,4d,02,00,00,00,01,00,00,00,6a,00,32,00,ef,05,00,00,94,39,3d,19,20,00,\
4e,6f,74,65,70,61,64,2e,6c,6e,6b,00,42,00,03,00,04,00,ef,be,94,39,ee,1a,94,\
39,ee,1a,14,00,2c,00,4e,00,6f,00,74,00,65,00,70,00,61,00,64,00,2e,00,6c,00,\
6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,32,30,35,31,\
00,1a,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1a,00,00,00,00,00,00,00,00,00,\
9e,00,00,00,07,00,00,00,90,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,7e,\
00,32,00,cf,05,00,00,94,39,1d,19,20,00,57,49,4e,44,4f,57,7e,31,2e,4c,4e,4b,\
00,00,54,00,03,00,04,00,ef,be,94,39,ee,1a,94,39,ee,1a,14,00,3e,00,57,00,69,\
00,6e,00,64,00,6f,00,77,00,73,00,20,00,45,00,78,00,70,00,6c,00,6f,00,72,00,\
65,00,72,00,2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,\
6c,2c,2d,32,32,30,36,37,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,\
00,00,00,00,00,00,00,00,9a,00,00,00,08,00,00,00,8c,00,00,00,41,75,67,4d,02,\
00,00,00,01,00,00,00,7a,00,32,00,13,06,00,00,94,39,3d,19,20,00,43,4f,4d,4d,\
41,4e,7e,31,2e,4c,4e,4b,00,00,50,00,03,00,04,00,ef,be,94,39,ee,1a,94,39,ee,\
1a,14,00,3a,00,43,00,6f,00,6d,00,6d,00,61,00,6e,00,64,00,20,00,50,00,72,00,\
6f,00,6d,00,70,00,74,00,2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,\
32,2e,64,6c,6c,2c,2d,32,32,30,32,32,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,\
00,00,1c,00,00,00,00,00,00,00,00,00,84,00,00,00,09,00,00,00,76,00,00,00,41,\
75,67,4d,02,00,00,00,01,00,00,00,64,00,32,00,eb,05,00,00,94,39,e5,18,20,00,\
50,61,69,6e,74,2e,6c,6e,6b,00,3e,00,03,00,04,00,ef,be,94,39,e5,18,94,39,e5,\
18,14,00,28,00,50,00,61,00,69,00,6e,00,74,00,2e,00,6c,00,6e,00,6b,00,00,00,\
40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,32,30,35,34,00,18,00,0e,00,00,\
00,0a,00,ef,be,01,00,00,00,18,00,00,00,00,00,00,00,00,00,ca,00,00,00,0a,00,\
00,00,bc,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,aa,00,32,00,82,01,00,\
00,94,39,3d,19,20,00,50,52,4f,47,52,41,7e,31,2e,4c,4e,4b,00,00,80,00,03,00,\
04,00,ef,be,94,39,ee,1a,94,39,ee,1a,14,00,56,00,50,00,72,00,6f,00,67,00,72,\
00,61,00,6d,00,20,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,\
6c,00,69,00,74,00,79,00,20,00,57,00,69,00,7a,00,61,00,72,00,64,00,2e,00,6c,\
00,6e,00,6b,00,00,00,40,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,\
33,32,5c,63,6f,6d,70,61,74,55,49,2e,64,6c,6c,2c,2d,31,31,35,00,00,1c,00,0e,\
00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,94,00,00,00,\
0b,00,00,00,86,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,74,00,32,00,ef,\
05,00,00,94,39,3d,19,20,00,53,59,4e,43,48,52,7e,31,2e,4c,4e,4b,00,00,4a,00,\
03,00,04,00,ef,be,94,39,ee,1a,94,39,ee,1a,14,00,34,00,53,00,79,00,6e,00,63,\
00,68,00,72,00,6f,00,6e,00,69,00,7a,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,\
40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,32,30,36,32,00,1c,00,0e,00,00,\
00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,ae,00,00,00,0c,00,\
00,00,a0,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,8e,00,32,00,f7,05,00,\
00,94,39,3d,19,20,00,54,4f,55,52,57,49,7e,31,2e,4c,4e,4b,00,00,64,00,03,00,\
04,00,ef,be,94,39,ee,1a,94,39,ee,1a,14,00,3c,00,54,00,6f,00,75,00,72,00,20,\
00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,58,00,50,00,2e,00,6c,00,\
6e,00,6b,00,00,00,40,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,\
32,5c,74,6f,75,72,73,74,61,72,74,2e,65,78,65,2c,2d,31,00,1c,00,0e,00,00,00,\
0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,8a,00,00,00,0d,00,00,\
00,7c,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,6a,00,32,00,6f,03,00,00,\
94,39,e5,18,20,00,57,6f,72,64,50,61,64,2e,6c,6e,6b,00,42,00,03,00,04,00,ef,\
be,94,39,e5,18,94,39,e5,18,14,00,2c,00,57,00,6f,00,72,00,64,00,50,00,61,00,\
64,00,2e,00,6c,00,6e,00,6b,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,\
2d,32,32,30,36,39,00,1a,00,0e,00,00,00,0a,00,ef,be,01,00,00,00,1a,00,00,00,\
00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Owner=S-1-5-21-839522115-287218729-2147104195-1003
@Denied: (A 2) (Everyone)
@Denied: (A 2) (S-1-5-7)
@="FlashProp Class"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@Owner=S-1-5-21-839522115-287218729-2147104195-1003
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash6.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\Programmable]
@Owner=S-1-5-21-839522115-287218729-2147104195-1003
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\O*NULL*t*NULL*v*NULL*o*NULL*r*NULL*i*NULL*e *NULL*C*NULL*C*NULL*l*NULL*e*NULL*a*NULL*n*NULL*e*NULL*r*NULL*]
@Security="Inherited"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\O*NULL*t*NULL*v*NULL*o*NULL*r*NULL*i*NULL*e *NULL*C*NULL*C*NULL*l*NULL*e*NULL*a*NULL*n*NULL*e*NULL*r*NULL*\command]
@Security="Inherited"
@="d:\\Program Files\\CCleaner\\ccleaner.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\S*NULL*p*NULL*u*NULL*s*NULL*t*NULL*i*NULL*e *NULL*C*NULL*C*NULL*l*NULL*e*NULL*a*NULL*n*NULL*e*NULL*r*NULL*]
@Security="Inherited"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\S*NULL*p*NULL*u*NULL*s*NULL*t*NULL*i*NULL*e *NULL*C*NULL*C*NULL*l*NULL*e*NULL*a*NULL*n*NULL*e*NULL*r*NULL*\command]
@Security="Inherited"
@="d:\\Program Files\\CCleaner\\ccleaner.exe /AUTO"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\MediaProperties\PrivateProperties\Midi\Ports\M*NULL*a*NULL*p*NULL*o*NULL*v*NULL*a*NULL*T *NULL*M*NULL*I*NULL*D*NULL*I*NULL* *NULL*[*NULL*E*NULL*m*NULL*u*NULL*l*NULL*a*NULL*t*NULL*e*NULL*d*NULL*]*NULL*]
@Security="Inherited"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\MediaProperties\PrivateProperties\Midi\Ports\M*NULL*a*NULL*p*NULL*o*NULL*v*NULL*a*NULL*T *NULL*M*NULL*I*NULL*D*NULL*I*NULL* *NULL*[*NULL*E*NULL*m*NULL*u*NULL*l*NULL*a*NULL*t*NULL*e*NULL*d*NULL*]*NULL*\Out]
@Security="Inherited"
"DMPortGUID"=hex:cc,25,94,b8,69,00,ca,41,b6,94,e2,8a,c3,24,c7,15
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(764)
d:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\avldr.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Panda Security\Panda Antivirus 2008\PAVSRV51.EXE
d:\program files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
d:\program files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe
c:\program files\Common Files\Panda Software\PavShld\PavPrSrv.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
d:\program files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
d:\program files\Panda Security\Panda Antivirus 2008\WebProxy.exe
.
**************************************************************************
.
Completion time: 2008-12-31 11:58:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-31 10:58:43
ComboFix2.txt 2008-12-30 20:30:23
ComboFix3.txt 2008-12-30 19:22:50
ComboFix4.txt 2008-12-30 18:55:20
Pre-Run: 12 674 101 248 bytes free
Post-Run: 11 adresárov, 12,662,583,296 voľných bajtov